Computer Security


IBM DB database JDBC service multiple security vulnerabilities
Published: 13.10.2007
SecurityVulns ID: 8245
Type: remote
Threat Level: 7/10
Description: DB2JDS (TCP/6789) format string vulnerability and multiple DoS conditions.
Affected: IBM : DB2 Universal Database 8.1
 IBM : DB2 Universal Database 8.2
CVE: CVE-2007-5324 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2582. Reason: This candidate is a duplicate of CVE-2007-2582. Notes: All CVE users should reference CVE-2007-2582 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original document: ZDI, ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities (13.10.2007)

EMC replistor buffer overflow
updated since 13.10.2007
Published: 13.10.2007
SecurityVulns ID: 8246
Type: remote
Threat Level: 7/10
Description: Buffer overflow in server service (TCP/7144).
Affected: EMC : Replistor 6.1
CVE: CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv function call.)
Original document: 3COM, TPTI-07-18: EMC RepliStor Server Heap Overflow Vulnerability (13.10.2007)

Firebird SQL server buffer overflow
Published: 13.10.2007
SecurityVulns ID: 8247
Type: remote
Threat Level: 7/10
Description: Oversized TCP/3050 server service request buffer overflow.
Affected: FIREBIRD : Firebird SQL 2.0
CVE: CVE-2007-4992
Original document: ZDI, ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability (13.10.2007)

MySQL multiple security vulnerabilities
Published: 13.10.2007
SecurityVulns ID: 8248
Type: remote
Threat Level: 6/10
Description: Denial of service, privilege escalation.
Affected: MYSQL : MySQL 4.1
 ORACLE : MySQL 5.0
CVE: CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.)
 CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.)
 CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.)
 CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.)
Original document: UBUNTU, [email protected], [email protected] (13.10.2007)

libFlac / WinAMP multiple integer overflows
Published: 13.10.2007
SecurityVulns ID: 8249
Type: library
Threat Level: 6/10
Description: Multiple integer overflows on FLAC sound format parsing.
Affected: LIBFLAC : libFLAC 1.2
 WINAMP : Winamp 5.35
Original document: IDEFENSE, iDefense Security Advisory 10.11.07: Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities (13.10.2007)

OpenSSL DTLS code execution
Published: 13.10.2007
SecurityVulns ID: 8250
Type: library
Threat Level: 5/10
Affected: OPENSSL : OpenSSL 0.9
CVE: CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.)
Original document: Ben Laurie, Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.4.0 (13.10.2007)

hplip shell characters
Published: 13.10.2007
SecurityVulns ID: 8251
Type: local
Threat Level: 5/10
Description: hpssd utility shell characters vulnerability.
Affected: HPLIP : hplip 1.6
CVE: CVE-2007-5208
Original document: UBUNTU, [USN-530-1] hplip vulnerability (13.10.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod